Lucene search

[email protected]CVE-2015-8329

HistoryNov 24, 2015 - 8:59 p.m.

CVE-2015-8329

2015-11-2420:59:00

CWE-310

[email protected]

web.nvd.nist.gov

sap

mii

cve-2015-8329

vulnerability

encryption

downgrade attack

password decryption

nvd

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

JSON

SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.

CPENameOperatorVersion
sap:manufacturing_integration_and_intelligencesap manufacturing integration and intelligenceeq14.0
sap:manufacturing_integration_and_intelligencesap manufacturing integration and intelligenceeq12.2
sap:manufacturing_integration_and_intelligencesap manufacturing integration and intelligenceeq15.0

CPE	Name	Operator	Version
sap:manufacturing_integration_and_intelligence	sap manufacturing integration and intelligence	eq	14.0
sap:manufacturing_integration_and_intelligence	sap manufacturing integration and intelligence	eq	12.2
sap:manufacturing_integration_and_intelligence	sap manufacturing integration and intelligence	eq	15.0

References

packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html

seclists.org/fulldisclosure/2016/Feb/68

erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for CVE-2015-8329

cvelist1 prion1 erpscan1